Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Tool to View Encrypted Log Files Outside of MarkLogic Server

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
Table of Contents

Tool to View Encrypted Log Files Outside of MarkLogic Server

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 14, 2026
  • 2 minute read
    • MarkLogic Server
    • Version 10.0
    • Documentation

MarkLogic Server encryption at rest includes the mlecat command line tool, which can be used to view encrypted log files outside of the server.

Note:

Windows users use mlecat.bat instead of mlecat.

The mlecat tool can be used successfully in either of these conditions:

  • If the mlecat tool is given access to the MarkLogic Server data directory and the .pem files.

  • If the log files are encrypted with a user-specified logs passphrase and the same logs passphrase is passed to mlecat with -p option.

Note:

The mlecat tool should be run by a user with sufficient OS privileges to access the PKCS#11 wallet (located by default at /var/opt/MarkLogic). It is suggested that the user be a member of group running MarkLogic Server (by default daemon).

If you want to decrypt log files without having access to your KMS, you must set a logs-encryption-passphrase. To set this passphrase, use the admin:cluster-set-keystore-logs-encryption-passphrase() function. For example:

xquery version "1.0-ml"; 
import module namespace admin = "http://marklogic.com/xdmp/admin" 
  at "/MarkLogic/admin.xqy";

let $config := admin:get-configuration()
let $passphrase := "dazzling zebras"
let $config := admin:cluster-set-keystore-logs-encryption-passphrase
   ($config,$passphrase)
return admin:save-configuration($config)

Note:

Log file encryption must be enabled for this passphrase to be used.

For every OS you must add MARKLOGIC_INSTALL_DIR and MARKLOGIC_INSTALL_DIR/bin to your PATH. For example,

PATH=$MARKLOGIC_INSTALL_DIR:$MARKLOGIC_INSTALL_DIR/bin:$PATH

For more about setting environment variables on various platforms, see the information about installation and data directories as part of Installing MarkLogic in Installation Guide for All Platforms.

To see the command line options for the mlecat tool, invoke mlecat with no arguments:

mlecat
==>
mlecat [option] filepath(s)
option:
  -i iDIR, iDir is the MarkLogic Server Install directory, alternatively the environmental variable
MARKLOGIC_INSTALL_DIR can be used to set this value.
  -d dDIR, dDIR is the MarkLogic Server Data directory, alternatively the environmental variable
MARKLOGIC_DATA_DIR can be used to set this value
  -p PASS, PASS is your logs-encryption-passphrase (if you are using one); 
  [-f] filepath(s), one or more file paths (-f can be specified before each file for explicit file list)

For example:

mlecat -p admin /var/opt/MarkLogic/Logs/ErrorLog.txt

Defaults for the MarkLogic Server data and install directories are shown in this table:

Platform

Installation Directory

Default Data Directory (for configuration and log files)

Windows

c:\Program Files\MarkLogic

c:\Program Files\MarkLogic\Data

Red Hat Linux

/opt/MarkLogic

/var/opt/MarkLogic

Mac OS X

~/Library/MarkLogic

~/Library/Application Support/MarkLogic/Data

For more about setting environment variables on various platforms, see the information about installation and data directories as part of Installing MarkLogic in Installation Guide for All Platforms.

TitleResults for “How to create a CRG?”Also Available inAlert